[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: big word listing
>As a security measure, I am trying to get a massive dictionary of words
>together, and each time a user changes his/her password, it checks the list to
>see if the password is in it. My question is, are there any pre-built lists of
>this nature? I am currently only using a spelling dictoinary, and would like
>somthing a little bigger.
>
>
>
You're re-inventing the wheel. look for npasswd or passwd+. Both do things
like that. Or, better yet, don't use dictionaries at all (they're out of date
as soon as they're made available). Use rules that force your users to
choose good passwords (just don't be too Draconian. ;). We have a rule
that says a user must choose at least one upper case character, one lower
case character, and one number, symbol, or control character in his/her
password. It's met little resistance, a few complaints, and it's immune
to most dictionary password schemes. The only other restriction is that
they must have at least 6 characters in their passwords. That was already
"mostly" enforced, so there was no problem there.
This prevents people from picking passwords like the name of a significant
other, the name of a place, or some foreign language word that normal
dictionaries wouldn't necessarily catch, but some password cracking program
"might" (depending on who has the more recent dictionary).
This really is more along the charter of comp.unix.security though, and
not cypherpunks (IMHO).
--
____________________________________________________________________________
Doug Hughes Engineering Network Services
System/Net Admin Auburn University
[email protected]
"Real programmers use cat > file.as"